remove redundant param |
add openconnect |
||
Line 22: | Line 22: | ||
$ sudo openconnect --authgroup=colleges --user=skan --cafile=/home/skan/certs/myschool-vpn-cafile.crt --servercert sha256:043c3a132f34d87ba8c507f21d775a08dc1d85aa3f2d782996d66d17865af2e0 --juniper https://vpn.myuniversity.edu | $ sudo openconnect --authgroup=colleges --user=skan --cafile=/home/skan/certs/myschool-vpn-cafile.crt --servercert sha256:043c3a132f34d87ba8c507f21d775a08dc1d85aa3f2d782996d66d17865af2e0 --juniper https://vpn.myuniversity.edu | ||
</source> | </source> | ||
= openconnect = | |||
{{testedon|2024-07-10|Ubuntu 20.04 LTS}} | |||
To resolve the "Server certificate verify failed: signer not found" error when connecting to GlobalProtect VPN via openconnect, you need to update your system's trusted certificates to include the certificate authority (CA) that signed the VPN server's certificate. Here are the steps you can follow to obtain and update the server certificate: | |||
# Obtain the Server Certificate: | |||
You can obtain the server certificate using the openssl command. Run the following command to download the certificate: | |||
<syntaxhighlight lang="bash"> | |||
echo | openssl s_client -connect 129.24.2.245:443 -servername 129.24.2.245 | openssl x509 -text -noout > server.crt | |||
</syntaxhighlight> | |||
<ol start="2"> | |||
<li>Add the Certificates to Trusted CA Store:</li> | |||
</ol> | |||
<syntaxhighlight lang="bash"> | |||
sudo cp server.crt /usr/local/share/ca-certificates | |||
sudo update-ca-certificates | |||
</syntaxhighlight> | |||
<ol start="3"> | |||
<li>Since the certificate has been added to the trusted store, there is nothing more to do. However, in cases when it needs to be added manually:</li> | |||
</ol> | |||
<syntaxhighlight lang="bash"> | |||
sudo openconnect --cafile=/usr/local/share/ca-certificates/server.crt https://129.24.2.245 | |||
</syntaxhighlight> |
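Review bot: Step 1 writes a file that steps 2 and 3 cannot use, because `openssl x509 -text -noout > server.crt` saves only the human-readable dump and `-noout` suppresses the PEM-encoded certificate. `update-ca-certificates` and `--cafile` both expect PEM, so the step should end in `| openssl x509 -outform PEM > server.crt` instead. The file is also whatever certificate the host at 129.24.2.245 presented on an unverified connection, and it is the server's own certificate rather than the signing CA that the introduction says to add. The steps should have the reader compare its SHA-256 fingerprint with a value obtained from the VPN administrator before step 2, or use the narrower `--servercert sha256:...` pin already shown in the context line above instead of changing the system-wide trust store. Step 3 says there is nothing more to do and then gives a manual command, so it should say when the `--cafile` form is needed. Since the introduction is about GlobalProtect, that command should probably also carry `--protocol=gp`.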